Privacy Policy — TrueMargin

1. Who we are

TrueMargin is a Shopify app that helps merchants understand the true profitability of their business by analyzing margins, costs, refunds, and advertising spend.

2. Data about merchants

When you install TrueMargin on your Shopify store, we access and store the following through the Shopify Admin API:

• Shop name, domain, timezone, and currency
• Your Shopify user ID and the email address you used to install the app
• Your products, variants, pricing, cost of goods sold (COGS), and inventory
• Your orders, line items, discounts, shipping costs, refunds, and transaction fees
• Usage data (which features you use, when syncs run, error logs)

If you choose to connect a third-party advertising account (currently only Meta Ads), we also store:

• The ad account metadata (ad account name, ad account ID)
• An encrypted access token, used only to fetch your ad spend data
• The ad spend data itself (daily spend per campaign)

Access tokens are encrypted at rest using AES-256-GCM before being stored in our database.

3. Data about your customers (shoppers)

The only piece of personal data about your end customers that TrueMargin stores is the email address attached to each order, as provided by Shopify.

We use this email exclusively to:

• Group orders per customer for aggregated analytics (lifetime value, repeat purchase rate, customer segmentation)

We do not store customer names, phone numbers, addresses, IP addresses, payment details, or any other personally identifiable information about your customers.

In the TrueMargin user interface, customer emails are always masked (e.g. joh***@gmail.com); the full email never leaves our server when rendering pages. The only exception is a merchant-initiated CSV export of customer segments, which contains raw emails. We log each such export server-side (shop, count, timestamp — without any customer data) for audit purposes.

We do not:

• Send emails to your customers
• Share customer data with any third party
• Use customer data to train AI or machine learning models
• Track customers across stores
• Install tracking pixels, script tags, or cookies on your storefront

4. Why we process this data

We process this data exclusively to:

• Calculate and display profit margins, contribution margin, break-even ROAS, and related financial metrics
• Track the impact of refunds, discounts, fees, and ad spend on your profitability
• Provide insights into product and customer performance
• Sync data between Shopify, TrueMargin, and your connected ad platforms

The legal basis for processing, under GDPR, is the performance of our contract with you (Art. 6(1)(b) GDPR) — you installed TrueMargin to receive these analytics, and we cannot deliver them without processing the data.

5. How long we keep data

• While the app is installed: we retain all data to provide ongoing analytics.
• When you uninstall the app: Shopify sends a shop/redact webhook 48 hours after uninstall. Upon receiving it, we delete all your shop data — including any stored customer email addresses — from our database.
• When one of your customers exercises their GDPR right to erasure: we anonymize their email on all matching orders within 30 days, as required by GDPR. Technically this means we set the customerEmail field to NULL — the order records themselves remain so your analytics stay intact, but the personal data is removed.
• When one of your customers requests a copy of their data: we record the request with a 30-day response deadline. You will receive the request in Shopify's standard flow; contact us if you need our assistance.

We do not retain data for marketing, profiling, or any secondary purposes.

6. Sub-processors

We use the following third parties to operate TrueMargin:

• Shopify Inc. — core app hosting, authentication, and primary data source. Your data already resides here.
• Neon (Neon Inc.) — managed serverless Postgres database hosting. This is where merchant data, customer email addresses, and encrypted access tokens are stored. Hosted on AWS in the EU (eu-central-1, Frankfurt, Germany), with data encrypted at rest using AES-256.
• Fly.io (Fly.io, Inc.) — application server hosting. Processes data in transit while serving the app; no customer data is stored at rest on the application servers. Hosted in the EU (Amsterdam, Netherlands).
• Meta Platforms, Inc. — only if you connect your Meta Ads account. Data flows from Meta to TrueMargin, never the other way around.

We do not use analytics trackers, advertising pixels, or third-party cookies in the app.

7. Your rights and your customers' rights

Under the GDPR and similar privacy laws, data subjects have the right to:

• Access — request a copy of the personal data we hold
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of personal data
• Restriction or objection — limit or object to specific processing
• Portability — receive personal data in a structured, machine-readable format

If you are a merchant: email us and we will respond within 30 days.

If you are a customer of a merchant who uses TrueMargin: please contact the merchant directly. They can trigger Shopify's customers/data_request or customers/redact webhook, which we process automatically.

If you believe we are mishandling your data, you have the right to lodge a complaint with your local data protection authority. In Belgium this is the Gegevensbeschermingsautoriteit (GBA).

8. Security

We protect data through:

• HTTPS everywhere — no unencrypted traffic
• AES-256-GCM encryption for access tokens and other sensitive fields at rest
• Server-side email masking for customer data in the UI
• Database-backed sessions (no third-party cookies for authentication)
• CSRF-safe OAuth flows with cryptographic random nonces
• HMAC signature verification on all incoming webhooks
• Least privilege: TrueMargin only requests the Shopify scopes it actually needs

9. International data transfers

If our hosting provider is located outside the European Economic Area (EEA), we ensure adequate safeguards are in place through the European Commission's Standard Contractual Clauses or equivalent legal mechanisms.

10. Children's data

TrueMargin is directed at business users, not children. We do not knowingly process personal data of children under 16.

11. Changes to this policy

We may update this policy as TrueMargin evolves. Material changes will be announced in the app. The "last updated" date at the top reflects the most recent revision.

12. Contact